Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security and Common Sense Richard Henson University of Worcester October 2008.

Published byConrad Sailors Modified over 10 years ago

Similar presentations

Presentation on theme: "Information Security and Common Sense Richard Henson University of Worcester October 2008."— Presentation transcript:

1 Information Security and Common Sense Richard Henson University of Worcester October 2008

2 Why has Data Security become such a problem? n End User Computing n Advances in Technology n Confusion about the Data Protection Act n Lack of policy or inconsistent implementation of policy n Data handling training issues

3 The Rise of End User Computing n In the 1980s, organisational data was kept either in: –centralised computers –secure filing cabinets n The PC offered the possibility of organisational data in the hands of non professionals… –network administrators predicted there would be big problems… –few people listened… THEY SHOULD HAVE!

4 Where are we now with Information Technology? n Days of mainframe or centralised computing… comparable to mass transport systems (e.g. stage coach, railways, bus) –professional drivers –people driven about

5 Another e.g. of Technological Change bringing about Cultural Change… n Coming of the motor car…

6 The Coming of the Personal Computer… –In technology/society terms, the equivalent of the motor car…

7 Result of the motor car cultural change… n Transport became personalised –those handling motor vehicles were often a menace to other road users –many accidents, injuries, lives lost n Only controlled through the use of legislation (e.g. Highway Code) –and then more legislation (e.g. Driving Test)… »and yet more legislation!!! (e.g. National Speed Limit)

8 Are roads safe today? n UK Road deaths been falling consistently for many years n So a cultural problem CAN be brought under control… n What about the perils of end user computing…

9 Digital Data and the Law n What do we have for keeping computer users in order? –the Data Protection Act n Problem… dates back to 1984 –BEFORE end user computing n Update in 1998 –did not address the problems associated with putting the end user in control »e.g. digital data can be easily carried around

10 The New Law n Finally (2008) legislation is being updated to acknowledge the problem –New offence of Data Recklessness –Information Commissioners Office (ICO) has increased powers.. »further changes expected during the 2008-9 Parliamentary Session Information Commissioner Richard Thomas

11 Why such a long wait? n Again… back to the motor car n Highways Act? –became law in 1835 –only substantially updated in… 1959 –Why then? had become »a matter of public concern n Equally, Data Protection is now A MATTER OF PUBLIC CONCERN –latest surveys; people now as concerned about their privacy as they are about terrorism!

12 What are the consequences for Organisations? They need to get serious about data protection, or risk the wrath of the Information Commissioners OfficeThey need to get serious about data protection, or risk the wrath of the Information Commissioners Office first to suffer was…first to suffer was… Richard Branston, Virgin Media (3383 customer records went missing)Richard Branston, Virgin Media (3383 customer records went missing) Would you want to be next???Would you want to be next???

13 What to do? n Apply common sense! –establish, or update the organisations Information Security Policy –key role: Data Controller - make sure all employees are aware of the law… »make sure systems are in place to make sure that policy works at operational (end user) level »make sure the systems are auditable, and regularly audited

14 Dont Know where to start? n There is now an International Standard: –ISO 27001 –based on British Standard BS7799 »UK leading the world in design… »but not implementation! –any organisation achieving this quality standard gains in two crucial ways: »unlikely to lose data through recklessness »can use the ISO 27001 kitemark to show potential customers that their personal data is being properly looked after

15 Is getting ISO 27001 cost-effective? n BIG question –even before… »credit crunch arrived »data recklessness became law n Cost overhead of ISO 27001 quantifiable –intensive, highly focussed courses –paperwork deliberately customisable to meet the needs of large and small organisations n If data is lost, what of the cost overhead of: –bad press? –disgruntled customers? –hefty fines?

16 Is good Information Security Common Sense? n YES… –just as driving safely is common sense n BUT… n What would the roads be like today if: –1835 Highways Act was still in force unchanged? –no-one had to pass a driving test? n QUESTIONS???

Download ppt "Information Security and Common Sense Richard Henson University of Worcester October 2008."

Similar presentations

Help, yes or no ?. Traffic accidents, as one of the important social problems, have always been paid great concern. In most of the big cities, every day,

Help, yes or no ?. Traffic accidents, as one of the important social problems, have always been paid great concern. In most of the big cities, every day,
George Yannis European Transport Safety Council, www.etsc.be Learning from each other Road accident data in the enlarged European Union.

George Yannis European Transport Safety Council, Learning from each other Road accident data in the enlarged European Union.
© Les Kelly Complete Training UK 2012 Driver Certificate of Professional Competence Course 7 Operational Procedures.

© Les Kelly Complete Training UK 2012 Driver Certificate of Professional Competence Course 7 Operational Procedures.
How to stay safe on the road

How to stay safe on the road
Freedom of Information Act 2000 and the PCT Audit Procedure Background: The Act was passed in November 2000. The Act will be fully in force by January.

Freedom of Information Act 2000 and the PCT Audit Procedure Background: The Act was passed in November The Act will be fully in force by January.
Unit 4- Assignment 3 P5, P6, M2 BTEC Business Level 3.

Unit 4- Assignment 3 P5, P6, M2 BTEC Business Level 3.
Enforcement A Safe Streets for London Priority

Enforcement A Safe Streets for London Priority
POLICING THE UK ROADS Meredydd Hughes QPM ACPO Head of Roads Policing.

POLICING THE UK ROADS Meredydd Hughes QPM ACPO Head of Roads Policing.
A practical tool for driving customer-focused change.

A practical tool for driving customer-focused change.
The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. Vehicle Use Safety Procedures Presentation to MSCSA.

The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. Vehicle Use Safety Procedures Presentation to MSCSA.
Wheelchair and Passenger Restraints Your Logo Here A straightforward presentation to be viewed at your leisure, but not to be ignored. Working with equipment.

Wheelchair and Passenger Restraints Your Logo Here A straightforward presentation to be viewed at your leisure, but not to be ignored. Working with equipment.
District 1220 Assembly 2006 Health and Safety HEALTH AND SAFETY For Rotary District 1220 and its Member Clubs.

District 1220 Assembly 2006 Health and Safety HEALTH AND SAFETY For Rotary District 1220 and its Member Clubs.
The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.

The Health and safety Act, is an act to make further provision for securing the health and safety and welfare of persons at work.For protecting others.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
Digital Ditch: Creating political support for digital roads 1 Digital Ditch: Creating political support for digital roads Jesper Sølund Head of Press and.

Digital Ditch: Creating political support for digital roads 1 Digital Ditch: Creating political support for digital roads Jesper Sølund Head of Press and.
CASH HANDLING Training Presentation

CASH HANDLING Training Presentation
Managing Risk Minimising Insurance Risks –Legal requirements –Premises –Equipment –Employees –Theft and fraud –Transport –Insuring the risks Risk Management.

Managing Risk Minimising Insurance Risks –Legal requirements –Premises –Equipment –Employees –Theft and fraud –Transport –Insuring the risks Risk Management.
Module 6: The impact of national policy and legislation

Module 6: The impact of national policy and legislation
Graduated Licensing. Developing Novice Driver Skills Highway Traffic Safety is a serious social & economical problem...

Graduated Licensing. Developing Novice Driver Skills Highway Traffic Safety is a serious social & economical problem...
Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users SAFETEA-LU Key Safety Provisions Federal Highway Administration.

Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users SAFETEA-LU Key Safety Provisions Federal Highway Administration.

Similar presentations

Ads by Google